Easy Beginner’s Guide to Set Up WordPress 2 Factor Authentication

Your website online may be your only source of income. It is your home and your workplace, and thus the need to keep it safe cannot be ignored. People have chosen passwords that are not easy to crack for their sites to ensure that no hackers can get their ways into the account. However, besides the password, there are other things you should do to ensure the maximum security, such as enabling WordPress two-factor authentication. This is an easy way to protect your site and ensure hackers find it a challenge to break into your site.

What is WordPress Two Step Authentication?

This is the best way to secure your passwords. It requires that you must possess something, for instance, your mobile device besides the password to login to your account. This aids you in that even after someone guessing your password right; they cannot get into the account without the device.

WordPress supports the two-step authentication through a mobile device. A code is sent into the mobile device to verify it, and a number of methods are then applied to secure your account. Once the code has been verified, and WordPress has the surety of the possession of the mobile device, a new code can be sent to that mobile device every time you try logging into your account. You must enter the code to log in.

Set Up Two Step Authentication

There are two main methods through which you can set up the two steps authentication on your WordPress site. Note that the feature adds an extra step to your login and ensures the maximum security for your site and thus worth trying.

Use Google Authenticator
You can use the Google Authenticator app on your mobile device. You need to start from your desktop browser and proceed to your mobile device. Visit the WordPress Settings page on the WordPress admin bar.

Click Security on the right side of the screen on the navigation.

You now can be direct to a screen where you select your country and enter the mobile phone number for the device your need to use. After entering your number, click the Next Step button.

You need to specify the type of the device in the next step to get the Google authenticator app. The device may be android device, iPhone or Blackberry. This is an app that can link your device to your WordPress site to enhance security.

After installing the app, you need to link it to your site. Click Verify Code Now and a QR can automatically appear on the screen. Open the app from your mobile device and scan the barcode to add a new entry.

You can be presented by a 6-digit code on the app that you need to enter on the space below barcode of the Settings screen of your WordPress site.

You can be directed to print the backup codes. These are the codes you need to use whenever you do not have your device. Print the codes and that is all. You need to enable the pop-up windows for your browser as this may prevent backup codes from opening.

Your site is now free from password hacks. You can verify the codes through the last step. Click Next Step and enter one of the codes to verify.

Two Step Authentication through SMS Codes
Here, you can also set up the two step authentication using SMS messages. To set up, go to your WordPress Settings page and select Two Step Authentication via SMS shown at the bottom of the screen.

After this, click Send SMS on the screen that follows. You can receive an SMS on your device with a 7-digit code that you should enter the space provided and then click Verify Code.

The last step is printing and verifying the backup codes as done with the Google Authenticator app.

How to Login After Setting up the Two Step Authentication

Logging into your site becomes a bit different once you have activated the two-step authentication. The login is not affected by the method you use; whether the Google authenticator or the SMS codes. You simply start by logging into your site as usual by entering a username or email and then the password.

A screen then appears where you need to enter the verification code that has been sent to your device, and the logging can be complete. Note that you have to open the Google Authenticator App to see the 6-digit code. With the SMS codes, just open the device messages to see the 6-digit code.

Use Backup Codes

Remember the backup codes you printed? This is the codes that gives you access to your account even after losing the mobile device or after the app has been deleted. You should generate at least ten backup codes to make sure that your account is completely safe.

Keep the printed codes in a safe place where you can access them fast anytime you need to login to your account. You should avoid saving them on your computer as someone can easily access them. When your device is not available, login as usual and enters one of the backup codes when requested to enter the verification code.

It is inevitable to have backup codes. After all, losing your device without the codes means you have to ask for support from WordPress to get your account back, which may take some time. The codes are generated immediately after setting up the WordPress two-step authentications.

The screen with the codes can appear, and you just click the print icon. You can always generate new codes if you lose the printed codes. Note that this disables the previously generated codes. The codes can only be generated from a desktop browser with pop-up windows enabled.

Specific Application Passwords

Not all people use their computers to access or create a WordPress blog. There are those who use WordPress app on mobile. Most of the apps do not support the two-step authentication, but you can still up the security by use of other means.

These are mostly the Jabber and WordPress app. You can have a password for each of the applications you use to access WordPress. You then need to disable other individual passwords and lock your app from other users.

Open the Security tab from your application and select Application Passwords on the navigation.

Name the application, any name you like, and click Generate Password. You can be given a 16-character password that you should copy-paste and save securely. You need to enter the password every time you login using that device.

You can also disable the password for a certain application if the device is lost by visiting the Security page and selecting the particular app and clicking Remove. This way, no one can access your site.

Conclusion

The simple steps above secure your site from hacking. You can decide to disable the feature by visiting the Settings page. You can see the feature has been enabled, and you can simply click Disable button to disable the two-step authentication.

This is however not recommended. You need to enter your verification code to verify disabling the feature.

Lucy has been a very experienced SEOer, technical writer, web developer, c# developer since 2002. Now she owns a startup in San Francisco, CA, focusing on running a couple of blogs to share knowledge and experience with global readers and deliver exceptional results to global sponsors by leveraging the power of Internet.

WhatsWP is designed to help WordPress beginners start and manage a WordPress site easily by providing the tutorials and guides about WordPress coding stuff, blog writing, monetization, SEO, themes, plugins, web hosting, etc.

The site was founded in 2011 and renamed from WPMatter on May 5th 2015 by Joyce, Lucy and Eunge, who are professional WordPress geeks. Each of them has worked for WordPress matters for over 5 years. Now we're a small business in San Francisco with 20+ full-time staffs fully devoted into the online blogging business.

FTC Disclosure

We're paid by for the product listing, advertisement and referral. However, this does not affect our independent thought. We never accept the review & rating linked to payments at all. We always work hard and try our best to help people find reliable WordPress hosts and other products at an affordable rate, based on our real WordPress experience in the past 7 years.